named configuration
Chris Buxton
cbuxton at menandmice.com
Thu Jan 8 18:10:58 UTC 2009
On Jan 8, 2009, at 7:09 AM, Oliver Block wrote:
> Hello everybody,
>
> I am responsible for a so called vServer. I did not pay much attention to the
> nameserver setup as yet. But now I'd like to configure our named correctly in
> order to use dynamic updates for subdomains later.
>
> preface: I hope you don't mind that I obscure the output because I don't
> want to feed bots scanning this mailing list.
>
> When I call
>
> dig mydomain.org NS
>
> I get
>
> ;; QUESTION SECTION:
> ;mydomain.org. IN NS
>
> ;; ANSWER SECTION:
> mydomain.org. 1616 IN NS ns.myisp.net.
> mydomain.org. 1616 IN NS ns2.myisp.net.
>
> as nameservers. When I do the same for a subdomain, e.g.
>
> dig sub.mydomain.org NS
>
> I receive the following response:
>
> ;; QUESTION SECTION:
> ;sub.mydomain.org. IN NS
>
> ;; AUTHORITY SECTION:
> mydomain.org. 1666 IN SOA ns.myisp.net. hostmaster.myisp.net. 2007062401 28800 1800 604800 86400
>
> Which options do I have to run our named (in order to use dynamic updates for
> subdomains)?

First, an explanation of the result you're seeing for the second
query. This is a negative answer, meaning that sub.mydomain.org does
not exist.

Now, to your question, do you want to add records for subdomains to
the mydomain.org zone or do you want to create all new subzones? If
the latter, it can't be done via dynamic update - there's no way to
create a new zone on the server without modifying the configuration
files.

If you instead just want to create sub.mydomain.org in the
mydomain.org zone, all you have to do is add the allow-update (or
update-policy) statement to your zone statement on the master. You
should use TSIG keys if possible, or GSS-TSIG if you must, in
preference to insecure updates. You should also enable update
forwarding on ns2.myisp.net, which is especially easy if you use TSIG
or GSS-TSIG signatures.

Please read the relevant sections of the BIND 9 ARM regarding dynamic
updates and transaction signatures.

https://www.isc.org/software/bind/documentation/arm95#Bv9ARM.ch04
https://www.isc.org/software/bind/documentation/arm95#dynamic_update_security

Chris Buxton
Professional Services
Men & Mice
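
The configuration described in the reply above, sketched as an added example (not part of the original message and not taken from the poster's servers). The key name `ddns-sub-key`, the placeholder secret, the zone file names and the 192.0.2.x documentation addresses are all assumptions.

```conf
// ---- named.conf on the master (ns.myisp.net) ----

// Shared TSIG key. The secret is a placeholder: generate your own,
// keep it out of world-readable files, and never post it to a list.
key "ddns-sub-key" {
    algorithm hmac-sha256;
    secret "REPLACE-WITH-BASE64-SECRET";
};

zone "mydomain.org" {
    type master;
    file "mydomain.org.db";

    // Insecure variant, shown only for contrast: any packet that appears
    // to come from this address may change any record in the zone.
    // allow-update { 192.0.2.10; };

    // Signed variant: only requests signed with ddns-sub-key are accepted,
    // and only for sub.mydomain.org and names beneath it, and only for
    // the listed record types. (allow-update and update-policy cannot
    // both be used in the same zone.)
    update-policy {
        grant ddns-sub-key subdomain sub.mydomain.org. A AAAA TXT;
    };
};

// ---- named.conf on the slave (ns2.myisp.net) ----

zone "mydomain.org" {
    type slave;
    masters { 192.0.2.1; };          // assumed address of the master
    file "slaves/mydomain.org.db";

    // Pass updates through to the master. The TSIG signature travels
    // with the forwarded request, so the master's update-policy still
    // decides whether the update is accepted.
    allow-update-forwarding { any; };
};
```

Because the master makes its decision from the TSIG signature instead of the source address, an update relayed by the slave is checked exactly like one sent directly, which is why signed updates make forwarding easy to enable.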